Skip to content

Releases: kidoz/trace-weft

TraceWeft v0.2.0

16 Jun 22:49
@kidoz kidoz
v0.2.0
4986879

Choose a tag to compare

View all tags
TraceWeft v0.2.0 Latest
Latest

Features

  • OpenTelemetry export preserves original trace and span IDs - a custom IdGenerator maps TraceWeft UUIDs onto OTel 128/64-bit IDs and rebuilds parent context, so exported spans keep their place in the trace tree
  • Postgres query endpoints - list traces, get trace by id, and list evals now serve Postgres as well as SQLite through shared dialect-agnostic mappers
  • API-key authentication with per-project multi-tenancy - SHA-256 hashed keys, constant-time comparison, project-scoped queries, and server-side project stamping so tenants only see their own traces
  • Robust OTLP ingest on opentelemetry-proto types - original trace/span/parent IDs are preserved instead of regenerated
  • Desktop app lifecycle - the Tauri shell embeds the server, exposes server_info/server_start/server_stop IPC commands, and drains the server gracefully on exit

Security

  • The local API is no longer readable from arbitrary browser origins - permissive CORS is replaced by an origin allowlist (loopback + Tauri webview), blocking cross-origin reads and preflighted CSRF
  • HITL approval endpoints now require authentication
  • start_server defaults to secure auth (reject unless keys or dev mode are configured); trace-weft dev and the desktop opt into local-first
  • Vite updated to 8.0.16 and the Babel advisory patched - npm audit is clean at high severity

Fixes

  • MCP traceparent span-id reduction aligned with the OTel exporter (low 8 bytes), so a span maps to the same 64-bit id on every wire
  • OTLP ingest returns 400 for malformed payloads instead of silently minting new UUIDs
  • Query handlers surface corrupt JSON as 500 instead of masking it as {}
  • MSRV metadata corrected - every crate inherits rust-version = 1.94.1

Other

  • 100+ unit and integration tests across propagation, MCP, SQLite/Postgres parity, tenant isolation, ingest, and graceful shutdown
  • All publishable crates carry crates.io metadata (description, license, repository) with versioned path dependencies; cargo package --workspace passes
  • Web API base centralized via VITE_API_BASE so the dev proxy and the desktop bundle both work
  • README screenshots and badges; all manifests aligned to 0.2.0

Full Changelog: https://github.com/kidoz/trace-weft/commits/v0.2.0

Assets 2
Loading